Initial commit: VaultMesh Skills collection
Collection of operational skills for VaultMesh infrastructure including: - backup-sovereign: Backup and recovery operations - btc-anchor: Bitcoin anchoring - cloudflare-tunnel-manager: Cloudflare tunnel management - container-registry: Container registry operations - disaster-recovery: Disaster recovery procedures - dns-sovereign: DNS management - eth-anchor: Ethereum anchoring - gitea-bootstrap: Gitea setup and configuration - hetzner-bootstrap: Hetzner server provisioning - merkle-forest: Merkle tree operations - node-hardening: Node security hardening - operator-bootstrap: Operator initialization - proof-verifier: Cryptographic proof verification - rfc3161-anchor: RFC3161 timestamping - secrets-vault: Secrets management 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
This commit is contained in:
Vault Sovereign
15
node-hardening/checks/check_auditd.sh
Executable file
15
node-hardening/checks/check_auditd.sh
Executable file
@@ -0,0 +1,15 @@
|
||||
#!/usr/bin/env bash
|
||||
set -euo pipefail
|
||||
|
||||
if ! command -v auditctl &>/dev/null; then
|
||||
echo "auditd: missing"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if systemctl is-active --quiet auditd; then
|
||||
echo "auditd: active"
|
||||
exit 0
|
||||
fi
|
||||
|
||||
echo "auditd: inactive"
|
||||
exit 1
|
||||
15
node-hardening/checks/check_fail2ban.sh
Executable file
15
node-hardening/checks/check_fail2ban.sh
Executable file
@@ -0,0 +1,15 @@
|
||||
#!/usr/bin/env bash
|
||||
set -euo pipefail
|
||||
|
||||
if ! command -v fail2ban-client &>/dev/null; then
|
||||
echo "fail2ban: missing"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if systemctl is-active --quiet fail2ban; then
|
||||
echo "fail2ban: active"
|
||||
exit 0
|
||||
fi
|
||||
|
||||
echo "fail2ban: inactive"
|
||||
exit 1
|
||||
23
node-hardening/checks/check_ssh.sh
Executable file
23
node-hardening/checks/check_ssh.sh
Executable file
@@ -0,0 +1,23 @@
|
||||
#!/usr/bin/env bash
|
||||
set -euo pipefail
|
||||
|
||||
if [[ ! -f /etc/ssh/sshd_config ]]; then
|
||||
echo "sshd_config: missing"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if grep -Eq '^PasswordAuthentication\s+no' /etc/ssh/sshd_config; then
|
||||
echo "ssh: password auth disabled"
|
||||
else
|
||||
echo "ssh: password auth not disabled"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if grep -Eq '^PermitRootLogin\s+no' /etc/ssh/sshd_config; then
|
||||
echo "ssh: root login disabled"
|
||||
else
|
||||
echo "ssh: root login not disabled"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
exit 0
|
||||
15
node-hardening/checks/check_ufw.sh
Executable file
15
node-hardening/checks/check_ufw.sh
Executable file
@@ -0,0 +1,15 @@
|
||||
#!/usr/bin/env bash
|
||||
set -euo pipefail
|
||||
|
||||
if ! command -v ufw &>/dev/null; then
|
||||
echo "ufw: missing"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if ufw status | grep -qi "Status: active"; then
|
||||
echo "ufw: active"
|
||||
exit 0
|
||||
fi
|
||||
|
||||
echo "ufw: inactive"
|
||||
exit 1
|
||||
Reference in New Issue
Block a user